Cloud Workload Protection

With Prisma® Cloud you can secure hosts, containers and serverless applications across the full application lifecycle.

Request a Trial

Cloud Workload Protection Platform Hero Front Image

Cloud Workload Protection Platform Hero Back Image

WHY IT MATTERS
OUR APPROACH
MODULES
RESOURCES

Cloud native applications are increasingly distributed across VMs, hosts, containers, Kubernetes® and serverless architectures. Unique security requirements for each make consistent workload protection a challenge.

Read Gartner’s report on Cloud Workload Protection Platforms.

Download the report

Environments are constantly evolving

With DevOps teams deploying weekly or even daily, public and private cloud environments are constantly changing. Security teams struggle to gain control over these deployments without slowing down release velocity.

The shift to microservices means more entities to secure

DevOps and infrastructure teams are leveraging a combination of containers, Kubernetes and serverless functions to run cloud native applications. This diversity, along with an ever-increasing cloud footprint, leads to a much larger number of entities to protect.

Diverse architectures limit visibility and impede protections

Enterprises use wide-ranging combinations of public and private clouds, cloud services and application architectures. These complex environments create blind spots and protection challenges for overworked security teams.

Secure hosts, containers and serverless across hybrid and multi-cloud environments

Prisma Cloud is a comprehensive Cloud Workload Protection solution that delivers flexible protection to secure cloud VMs, containers and Kubernetes apps, serverless functions and containerized offerings like Fargate tasks. With Prisma Cloud, DevOps and cloud infrastructure teams can adopt the architecture that fits their needs without worrying about security keeping pace with release cycles or protecting multifaceted tech stacks.

Support for public and private clouds
Flexible agentless scanning and agent-based protection
Integration across the application lifecycle

THE PRISMA CLOUD SOLUTION

Our approach to Cloud Workload Protection

Vulnerability management

Securing cloud native applications requires a comprehensive view into every host, container and serverless function. Prisma Cloud delivers a centralized dashboard to help prioritize risks in real time across public cloud, private cloud and on-premises environments.

Manage risk from a single dashboard

Prioritize risk across host OS, container images and serverless functions with intelligent risk scoring.
See vulnerability status with remediation guidance

View every CVE with details and up-to-date vendor fix information, supporting all cloud native technologies.
Alert on or prevent vulnerabilities across environments

Set precise policies to alert on or prevent vulnerable components from running on your environments.
Integrate data with your existing systems

Integrate vulnerability alerts into common endpoints, including JIRA, Slack, PagerDuty, Splunk, Cortex XSOAR, ServiceNow and more.

Learn more

Compliance

Cloud native applications require purpose-built controls to gain visibility into compliance posture and maintain compliance for dynamic, ephemeral infrastructures. Prisma Cloud delivers real-time and historical views into compliance status for hosts, containers and serverless functions.

Achieve compliance from a single solution

Centrally monitor compliance posture with a single dashboard that covers hosts, containers and serverless functions as well as Kubernetes and Istio™.
Use 400+ customizable checks for cloud native applications

Cover leading frameworks, including PCI DSS, HIPAA, GDPR and NIST SP 800-190, with pre-built compliance templates.
Leverage CIS Benchmarks:

Implement or customize checks based on CIS Benchmarks, with approved coverage for the AWS®, Docker®, Kubernetes and Linux CIS Benchmarks.
Ensure image trust

Use trusted images to ensure that application components only originate from authorized sources.
Integrate compliance across the application lifecycle

Add compliance checks as part of the full application lifecycle, to alert on or prevent misconfigurations in your applications from reaching production.

Learn more

CI/CD security

To secure cloud native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardens checks into the CI/CD workflow.

Support all your application components

Scan Git repositories, container images, AMIs and serverless functions.
Integrate with DevOps workflows

Integrate with any continuous integration (CI) solution, such as Jenkins, CircleCI, AWS CodeBuild, Azure DevOps, Google Cloud Build and more.
Prioritize risk from central dashboards

View vulnerability information and compliance results, and vendor fix information across build, deploy and run.
Surface scan results in developer tooling and central dashboards

View scan results and details both at their source and with an aggregated view.
Enforce security policies to prevent builds from moving forward in pipelines

Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

Learn more

Runtime defense

Cloud native applications scale dynamically, requiring a modern, automated approach to protection that prevents applications from unwanted activity and threats. With Prisma Cloud, ensure hosts, containers and serverless applications are secure – whether you’re running on public clouds, private clouds or on-premises.

Unify protection with a single agent

Secure them all from a single solution – Prisma Cloud supports Linux and Windows hosts, containers and Kubernetes, as well as emerging technologies like PaaS and serverless.
Automate security without needless manual effort

Automate baseline policies across process, file system and network activity to achieve security at enterprise scale.
Capture detailed forensics of every audit or security incident

Automatically and securely gather forensics details in a powerful timeline view to enable incident response. You can view data in Prisma Cloud or send it to other systems for deeper analysis.
Prevent activity across any environment

Manage runtime policies all from a centralized console to ensure security is always present as part of every deployment.
Enable your SOC teams with context rich data

With mapping of incidents to MITRE ATT&CK framework, along with detailed forensics and rich metadata eliminates the challenges for SOC teams in identifying and tracking threats for ephemeral cloud-native workloads.

Download the e-book

Access control

Modern applications need deep, integrated security to protect the entire application stack. With Prisma Cloud, organizations can leverage security optimized for cloud native architectures.

Gain control over Docker activities

Manage rules governing Docker configurations, containers, images, nodes, plugins, services and more to ensure your environment runs as you choose.
Manage secrets for your containers

Take advantage of integration with secrets management tools, like CyberArk and HashiCorp, to ensure your secrets are properly managed and secured.
Capture Kubernetes audits

Deploy security purpose-built for cloud native tech stacks. Prisma Cloud ingests Kubernetes audit data and surfaces rules to identify events to alert on.
Secure deployments with Open Policy Agent

Craft rules in Rego policy language to gain control over every deployment.
View audit results in a single dashboard

Surface all audit alerts and activities in a single pane of glass for analysis.

Learn more

Flexible control

Cloud workloads and apps constantly evolve. Organizations need agile, integrated controls to ensure the entire stack is protected. Only Prisma Cloud offers the flexibility to use agentless and agent-based protections to suit your needs.

Agentless scanning for easy visibility

Gain rapid visibility without deploying preventative or blocking capabilities. Agentless scanning provides quick assessments of risk, including known CVEs, misconfigurations, and other security issues.
Agent-based protection for deep insight

A unified agent framework supports defense-in-depth to secure cloud native apps. Agent-based protection provides deep forensic visibility and preventative policies to block and stop suspicious activity.
One dashboard and one policy engine for both approaches

Prisma Cloud is the industry's only solution to offer both agentless and agent-based security, all managed from a single location.

Prisma Cloud

Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Learn more